
How To Crack A Password Hash Using CPU & GPU

Password hashing is used to secure passwords. Hashing is a common technique across various software and tools.

Hashing is used as a security mechanism to prevent plain text information from being known to others. A hash cannot be reversed by calculation to recover the plain text, since hashing is a one-way process. Still, there are different ways to crack a hash and retrieve your password or other sensitive information that may have been hashed.

Hashing is mostly used to protect password-like information, since it is a one-way process.

Why Password Hashing Is Considered Secure

Hashing is a one-way process. This guarantees that the hash of a plain text value can be generated, but the process cannot be reversed. Most software and websites store passwords this way, since the user already knows the password. Whenever they need to authenticate the user, they generate the hash of the user's input and match it against the stored hash.

This mechanism guarantees that even the software provider themselves do not know your password.

However, there are hacking and cracking tools, as well as other techniques described below, that may be able to find out your password from a hash.

Today we will learn about cracking hashes using the CPU and GPU.

CPU: Central Processing Unit

GPU: Graphics Processing Unit

We will cover:

What is a Hash ?

What is the need of a Hash ?

Why Hash over Encryption or Encoding ?

Hardware configuration

Tools required

Hash cracking [CPU]

Hash cracking [GPU]

Hash cracking using Search engine

Why such a difference ?

What Is A Hash ?

A cryptographic function that converts data or a file of arbitrary length or size to a fixed length, and which is considered practically impossible to invert.

What Is The Need Of A Hash ?

A major use of hashes is in the security field: to provide security or privacy to a user who is using any service of a company.

For example, you are using Gmail, Facebook, Twitter, eBay, Amazon or online payment portals like PayPal, where you use the service by providing your credentials (username/password).

There are basically 2 reasons:

Making it difficult for hackers to recover/retrieve a password, whether for an online service (Gmail, eBay etc.) or even Wi-Fi.

Even if the company’s security is breached (hacked), the user’s credentials are still safe (only if you use a strong password).

Why Hash Over Encryption And Encoding ?

Imagine a scenario that has perhaps happened to almost every big name, be it Google, Facebook, Yahoo! etc.

A website is compromised and its users’ data (credentials) is compromised.

If you are a registered user on that site, what is the thing that will worry you when you come to know about it? Yes, your password (it might be a master password for all your accounts). Now it is in the service provider’s hands to provide security to their consumers. Hence, hashing is the solution.

How? Well, you might be familiar with these terms:

Encoding/Decoding

Encrypt/Decrypt

and now, Hashing

Without going into the details, I will tell you the basic and most important feature of a hash, the one that sets hashing apart from encoding and encryption: encoded text/files can be decoded, encrypted text/files can be decrypted, but hashed text/files can never be de-hashed.

Yes, hashing, unlike encryption/encoding, is a one-way process, i.e. when a text/file goes through the cryptographic hash function, it is converted into a value with a fixed character length.

Example: an MD5 hash has a character length of 32, whereas SHA1 has a character length of 40. If we hash a string, say “test123”, md5 and SHA1 hash for “test123” will be

Hash Cracking [CPU]

We will take MD5 (Message Digest 5) cracking as an example to keep it simple and easy to understand. Install Cain & Abel, then follow the instructions along, step-by-step:

Open Cain & Abel

Press Alt+C to open Hash calculator

Type in “test123” and hit [ENTER]; here “test123” is our test string

You should see something similar,

Here we got the MD5 and other hashes for the string “test123”; the MD5 is CC03E747A6AFBBCBF8BE7668ACFEBEE5. Select and copy the MD5 hash. NOTE: Hashing is case sensitive; the hash for “Test123” will be completely different.

Click on the Cracker tab, then select the MD5 Hashes column on the left.

Then right click and select Add to list.

Paste the copied MD5 hash and hit [ENTER]

Now the hash is added to the list. Right click on the hash and select Brute-Force attack

Set max length to 7 and click Start, and you should see this.

Here I have set the max length of the password to 7 just to test the output of the tool and the cracking speed of the CPU. See the passwords/second the CPU is testing: 6.3M (approx.), and the remaining time, i.e. the total time it will take the CPU to recover the original string, is 3.5 hours.

It is too lame to wait for 3.5 hours for a small string like test123, 7 characters long with no special characters, isn’t it? Well, here comes GPU cracking to put some speed into the process!

Hash Cracking [GPU]

igHashGPU is a password recovery tool specialized for ATI (RV) and nVidia (CUDA) based cards. It recovers the passwords behind hashes which are used over the internet (weak), for example md4/md5/SHA1.

Let’s get started. We have the MD5 string for test123, i.e. CC03E747A6AFBBCBF8BE7668ACFEBEE5

Follow the instructions along, step-by-step:

Right click and edit the file “example.cmd”. It is the example file for testing the GPU’s speed at recovering an MD5 password.

Paste the MD5 hash in the file after /h: and it should look like this:

ighashgpu.exe /h:CC03E747A6AFBBCBF8BE7668ACFEBEE5 /t:md5 /c:sd /min:4 /max:7

Close file. Click save and yes.

Select “Example.cmd” and hit [ENTER].

A command prompt window will open like this.

See the CURSPD (current speed), ~50 million. Nice, but not good, is it? See the battery symbol in the lower right corner. The laptop is running on battery.

See what happens when I plug in the charger; notice the clock and speed.

WHOA! See the difference! From 50M to 195M passwords/second, isn’t it great? From 6.3M pass/sec to 195M pass/sec. That’s a big jump.

How long do you think it took to recover the password?

Just 5 minutes and 53 seconds. See how much time we saved by using the GPU. From 3+ hrs to just 5 minutes. Isn’t it amazing? Also see the average speed, 62,847 Million passwords/second.

CPU: ~3 hrs with 6M pass/sec

GPU: ~6 min with 195M pass/sec

You might ask, “Hey! Can we crack this even faster?” Well, the answer is yes, you can (not always though). How?
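The timings above follow from the size of the search space, and the same arithmetic tells a defender how long a password must be to outlast a given guess rate. This is an added example, not part of the original article; it assumes a 36-character alphabet of lowercase letters and digits (which reproduces the 3.5-hour CPU estimate) and a one-year target chosen for illustration.

```python
# Added example: worst-case exhaustive-search time for the runs in the article.
# Assumption: 36-character alphabet (a-z, 0-9); the one-year target is illustrative.

def keyspace(alphabet_size, min_len, max_len):
    """Number of candidate strings with length min_len..max_len inclusive."""
    return sum(alphabet_size ** n for n in range(min_len, max_len + 1))

def worst_case_seconds(alphabet_size, min_len, max_len, guesses_per_second):
    """Time to try every candidate; the real password can turn up earlier."""
    return keyspace(alphabet_size, min_len, max_len) / guesses_per_second

def min_length_to_resist(alphabet_size, guesses_per_second, seconds):
    """Smallest maximum length whose full search takes at least `seconds`.

    Covers exhaustive search of random strings only; a dictionary word
    falls much sooner regardless of its length.
    """
    length = 1
    while worst_case_seconds(alphabet_size, 1, length, guesses_per_second) < seconds:
        length += 1
    return length

CPU_RATE = 6.3e6    # passwords/second reported for the CPU run
GPU_RATE = 195e6    # passwords/second reported for the GPU run on mains power
FAST_GPU = 1e9      # "more than a billion passwords/second" for newer GPUs
YEAR = 365 * 24 * 3600

if __name__ == "__main__":
    cpu_hours = worst_case_seconds(36, 1, 7, CPU_RATE) / 3600
    gpu_minutes = worst_case_seconds(36, 4, 7, GPU_RATE) / 60
    print(f"CPU, lengths 1-7: {cpu_hours:.2f} hours")
    print(f"GPU, lengths 4-7: {gpu_minutes:.1f} minutes")
    for size, label in ((36, "a-z0-9"), (95, "printable ASCII")):
        n = min_length_to_resist(size, FAST_GPU, YEAR)
        print(f"{label}: length {n} to outlast {FAST_GPU:.0e} guesses/s for a year")
```

The GPU run finished in 5 minutes 53 seconds rather than the full worst case because the search stops as soon as the matching string is reached.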

Hash Cracking Using Search Engine [Google]

We had the MD5 string copied, right? What you need to do is very simple.

Just paste the MD5 string, i.e. CC03E747A6AFBBCBF8BE7668ACFEBEE5, into Google and search, and you’re done!

Notice the text string “test123” and the hash. So simple to recover the string from MD5, no?

Now see the time above that it took us to recover the original string. Just 0.31 seconds, not even a second. Wow, that’s great!

You might be thinking, why such a difference? Here’s the answer.

Why Such A Difference ?

The difference in speed is due to the architecture of the three.

CPU: Uses 4 cores (shared with system processes) at maximum, 8 cores in some cases.

GPU: Used 96 cores (in this case).

All 96 cores (parallel processing units) were 100% dedicated to the password recovery process, unlike the CPU, which was simultaneously handling the complete OS, including background processes, the GUI (mapping of pixels on screen), and many other processes.

Even if the CPU stopped handling those, it still wouldn’t match the GPU’s performance. The difference is because of the number of cores, i.e. 96 vs. 4 or 8.

The latest GPUs that I have seen come with more than 400 cores. They can test more than a billion passwords/second when recovering an MD5-hashed string.

Google Doesn’t Crack The Hash.

Yes! Google doesn’t crack/recover the string. It sends a request for the specific text input, i.e. the hash in our case, to all the servers, takes the responses back and displays the results according to the page rank of the site.

There are plenty of online crackers which can be used to crack a variety of hashes. They search their database for the hash you have entered.

If the string for the hash has already been recovered by them, they will give it to you; otherwise you have to pay to use the service. An email is sent if the string has been recovered.

So what Google does is send a request to all these servers and display the result to you: the result of a hash that was already cracked.

It certainly becomes the top priority for hash cracking. Search Google first; if you don’t find the password, go for GPU cracking. Still didn’t succeed? Try CloudCracker, CrackStation, HashKiller. You can google “Online hash cracker” for more results.
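The lookup works because an unsalted MD5 of a given password is the same value in every database, so one precomputed table serves them all. The following added example (not from the original article) shows the re-hash-and-compare login check described earlier, first with unsalted MD5 and then with a salted, iterated hash that a lookup table cannot match; the word list, function names and iteration count are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample: a tiny precomputed table of the kind lookup sites keep.
WORDLIST = ["password", "letmein", "test123", "qwerty"]
LOOKUP = {hashlib.md5(w.encode()).hexdigest(): w for w in WORDLIST}

def store_md5(password):
    """Unsalted MD5 as in the walkthrough: same password, same hash, everywhere."""
    return hashlib.md5(password.encode()).hexdigest()

def lookup(stored_hex):
    """What a lookup site does: a table search, no cracking involved."""
    return LOOKUP.get(stored_hex.lower())

def store_pbkdf2(password, iterations=600_000):
    """Salted, deliberately slow hash; returns (salt, iterations, derived key)."""
    salt = os.urandom(16)  # fresh random salt per stored password
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, key

def verify_pbkdf2(password, record):
    """Login check: re-derive with the stored salt, compare in constant time."""
    salt, iterations, key = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, key)

if __name__ == "__main__":
    weak = store_md5("test123")
    print(weak.upper(), "->", lookup(weak))         # found instantly
    a, b = store_pbkdf2("test123"), store_pbkdf2("test123")
    print("records equal:", a[2] == b[2])           # different salts, different keys
    print("table hit:", lookup(a[2].hex()))         # no precomputed entry exists
    print("login ok:", verify_pbkdf2("test123", a))
```

Each PBKDF2 guess also costs the attacker hundreds of thousands of hash computations, so the passwords/second figures measured above for plain MD5 do not carry over.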

Note: Cracking speed varies depending on factors like:

GPU configuration, ATI graphics cards are the best for this task.

Hash type: for SHA1 it will be even lower, and for WPA hash cracking it goes down to 4000 pass/sec on my graphics card. See this list. My card’s performance is near that of the GeForce 8800 GTS (CUDA).

Interested in WPA cracking or WiFi pentesting? Follow my WiFi Security and Pentesting Series.

Hope you found this tutorial helpful. Let me know in the comment section. Thanks!

This article is contributed by Hardeep Singh (Facebook | Twitter). Hardeep is a guest author and full-time blogger @ rootsh3ll.com, security person, penetration tester, Linux and Python lover. Loves to share knowledge with everyone.